Documents Show FBI Deployed Software Exploits To Break Encryption Back In 2003
from the and-privacy-and-security-for-none... dept
Documents FOIA’ed by Ryan Shapiro and shared with the New York Times shed some new light on previous FBI efforts to break encryption. Back in 2003, the FBI was investigating an animal rights group for possibly sabotaging companies that used animals for testing. The FBI’s Department of Cutesy Investigation Names dubbed this “Operation Trail Mix,” which I’m sure endeared it to the agents on the case. At the center of the investigation were emails the FBI couldn’t read. But it found a way.
They persuaded a judge to let them remotely, and secretly, install software on the group’s computers to help get around the encryption.
That effort, revealed in newly declassified and released records, shows in new detail how F.B.I. hackers worked to defeat encryption more than a decade before the agency’s recent fight with Apple over access to a locked iPhone.
The documents don’t detail what the exploit was, but it targeted PGP — the encryption method used to keep the group’s communications private. The FBI was able to obtain a “full access” warrant to grab every communication, but that did nothing to decode the scrambled emails. The documents don’t specify what the FBI used, but language suggests it either copied the decryption keys or deployed a keylogger to snag passwords.
Either way, it apparently was the first time the FBI had deployed its own malware.
“This was the first time that the Department of Justice had ever approved such an intercept of this type,” an F.B.I. agent wrote in a 2005 document summing up the case.
The secrecy surrounding the FBI’s tactics was nearly absolute. The wiretap order was disclosed to the defense but not the use of an exploit/keylogger. On top of that, the DOJ never mentioned the FBI’s efforts in its 2002 and 2003 annual reports, despite being required to report any instance where it runs across encryption during a wiretap investigation.
Not that the DOJ and FBI’s lack of transparency harmed their case. It resulted in six convictions, and a higher court basically said the use of encryption was suspicious in and of itself.
An appeals court upheld the convictions in 2009, and said that the use of encryption, among other things, was “circumstantial evidence of their agreement to participate in illegal activity.”
What the documents do show is that the FBI has been in the fight against encryption for a long time and in the business of deploying malware and exploits without judicial oversight for about as long. What has changed is that it’s now openly fighting encryption by trying to force compliance throught the use of All Writs Acts. It’s also deploying a variety of exploits that can — with a single warrant — access info about any computer/device visiting a website.
It may be more open about its intents and tool usage now, but that’s not because it’s gained new respect for things like due process and accurate warrant applications. It’s doing this now because it needs an upper-level court ruling in its favor to basically excuse the things it’s been doing in secret for years, as well as give it the permission it needs to continue to undermine encryption in the future.
Filed Under: animal rights, cracking, encryption, fbi, hacking
Comments on “Documents Show FBI Deployed Software Exploits To Break Encryption Back In 2003”
… and so what?
Slow news day?
american fuckwits cunts holes
american fuckwits cuntholes
“They persuaded a judge to let them remotely, and secretly, install software on the group’s computers to help get around the encryption.”
I’m so sick of our Government. Partisan politics aside, who in their right mind believes that MORE government is better? That more regulation is better? Look at what they do when we give them power… LOOK AT IT! You think checks and balances are working? They Judge shop until they find one that will sign off on their bullshit. It’s a complete joke. They are completely out of control.
We need a new party. One that promotes less Government, more over-sight (and over-sight with real teeth). One that even with less Government and regulation, is still able to maintain some type of social responsibility that promotes employment and growth, instead of status quo promoting subsidies and entitlements.
Re: Re:
We need a new party.
There are loads of new parties. Pick one and vote for it instead of wetting your pants over the possibility that either Bad or Worse will get in. Is there a Pirate Party in your state?
One that promotes less Government, more over-sight (and over-sight with real teeth).
Erm, a government is required to do all that; private enterprise won’t. Besides, “government” is usually dog whistle for “social programs.” Decide on what “government” actually means before declaring that you want less of it.
One that even with less Government and regulation, is still able to maintain some type of social responsibility that promotes employment and growth
In many of the Red states on your side of the Pond they’re leaving it to private enterprise to do all of that. Surprise, surprise! It seems that there are strings attached to receiving assistance, from private enterprise, particularly religious groups.
instead of status quo promoting subsidies and entitlements.
There will always be subsidies and entitlements of one kind or another. Please bear in mind that “entitlement” is dog whistle for “welfare” when it actually means “earned benefits,” i.e. it’s been paid for by the individual’s taxes.
And you can’t live without government of some kind or another unless you are willing to live completely off the grid.
http://capx.co/private-cities-a-disruptive-technology-for-the-state-market/
Re: Re: Re:
I agree 100% that we need viable parties aside from the Rs and Ds. Unfortunately, election laws are set up to make it essentially impossible.
So step 1 has to be to change those laws, but changing those laws is something that both the Rs and Ds would join hands and fight with everything they have.
Welcome, fellow criminals.
An appeals court upheld the convictions in 2009, and said that the use of encryption, among other things, was “circumstantial evidence of their agreement to participate in illegal activity.”
If you’re reading this on Techdirt, guess what, you’re now a criminal. The page is encrypted.
We can't see what you're doing so you must be up to no good
Holy. Fucking. Shitballs.
Re: We can't see what you're doing so you must be up to no good
Also considered circumstational evidence: curtains, walls, anything opaque.
and said that the use of encryption, among other things, was “circumstantial evidence of their agreement to participate in illegal activity.”
Beyond weak. It’s also evidence of a thousand other things, none of which is illegal.
I can’t wait to see TD’s post about this:
http://motherboard.vice.com/read/rcmp-blackberry-project-clemenza-global-encryption-key-canada
Re: Re:
Blackberry’s security problems were revealed a number of years ago. By coincidence(?), their domination of the smartphone industry ended within a year of that.
Re: Re:
Is it any surprise that Blackberry is struggling to keep its head above the water?
I don’t like touchscreens – don’t know if there’s something wrong with my fingers, but they never seem to work very well – and I would prefer a phone with a physical keyboard and trackpad. But the lack of security on BB devices is a big problem.
laws are for the slaves
Re: Laws are for the affluent.
If you are rich enough to hire a proper defense and prevent your meager assets from being seized entirely then you get to work within the framework of the law.
If you don’t have those, or your resources are successfully seized, then there’s nothing for you but plea-bargains and bullets.
Zebra Tactics
Phil’s been singin’ ONE major song since he first developed PGP: If everybody uses encryption, nobody stands out from the herd SIMPLY for using encryption. We ALL need stripes.
Magic Lantern?
> The documents don’t detail what the exploit was, but it targeted PGP (…) Either way, it apparently was the first time the FBI had deployed its own malware.
Sounds a bit like Magic Lantern, the FBI-built trojan that reportedly got activated when a suspect uses PGP encryption?
https://en.wikipedia.org/wiki/Magic_Lantern_%28software%29